Sunday, August 16, 2015

The Defense Security Service just issued its 2014 report "Targeting U.S. Technologies: Trend Analysis of Cleared Industry Reporting" (.pdf). DSS's mission is, in part, to secure the nation's technological base against acts of industrial espionage. These annual reports highlight specific technologies that have been targeted by foreign actors as reported to DSS. In FY13, the agency received and reviewed over 30,000 reports.

Each year DSS highlights a technological sector. In 2014, it was "Inertial Navigation Systems" used in commercial and military aircraft, spacecraft, and naval vessels.

Based on information received from cleared defense sector companies, DSS analysts were able to identify five distinct methods of operation when targeting INS technologies:

an attempt to purchase (usually by finding a corrupt company in an allied State to act as the middleman)

academic solicitation

solicitation or marketing services

sending a Request For Information (RFI)

foreign visit (such as attending a conference in a foreign State)

DSS analysts also break down collector affiliations into five categories: commercial, government, government-affiliated, individual, and unknown.

Assigning an affiliation is easier to do with tangible collection activities as described above than with cyber attacks, which DSS (to its credit) acknowledges in the conclusion of its report (p.71). With an RFI or an invitation to attend a conference, you know who sent the invitation. With a cyber intrusion, or what DSS calls "Suspicious Network Activity" (SNA), it could be anyone.

However, cyber espionage is simply a new way to conduct industrial espionage, so it's reasonable to assume that governments and corporations that are attempting to acquire a specific technology in any of the five ways detailed by DSS will also use a network attack if it will produce a successful end result. See our white paper on espionage-as-a-service, for example.

What the DSS Report Won't Tell You

The Defense Security Service produces one of the very best analytic reports available today, both in terms of sound intelligence collection and analysis methodologies (missing from 90% of cyber intelligence reports) and in terms of actionable content. However, it doesn't tell you who is doing the collecting. It also doesn't provide the entirety of any nation's technology acquisition interests. If your company doesn't produce any of the INS-related technologies mentioned in this report, does that mean that you're safe from foreign collection efforts? Absolutely not.

That's why we built the Redact™ knowledge base and the OverWatch™ intelligence feed. Used in conjunction with the DSS report, they let you identify which Chinese and Russian government institutes, universities, state key labs, and state-owned enterprises have received funding for high-priority technology R&D projects, and which of those have been reconnoitering your company's website for product information. We are also mining South Korean and French institutes and will be adding more nations over the next few months.

Compatible with Maltego and other Threat Intelligence Platforms

Our OverWatch™ intelligence feed is written in Common Event Format (.CEF) and is compatible with many SIEM products including ArcSight ESM, Splunk, and ThreatStream. We are also about to launch our Maltego transform.

OverWatch™ will alert in real time when one of the foreign government research institutes that we track is visiting your website, while Redact™ will provide you with the details on their government-funded R&D projects. We are currently scheduling demos for new corporate customers as well as federal agencies that are approaching the end of the federal fiscal year.

Redact™ is the only commercial database of its kind outside of a classified environment. Read our current product brief and contact us today for an online demonstration.

NOTE: This is cross-posted from the original article at the Taia Global website's blog.

Thursday, August 6, 2015

I've written an OpEd on why the White House needs to look at deterrence in cyberspace differently based upon their announcement via David Sanger at the New York Times that they're looking at taking action against China for the OPM hack.